[Snyk] Security upgrade @pnp/cli-microsoft365 from 3.7.0-beta.b01397d to 3.8.0

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	No	Proof of Concept
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	No	Proof of Concept
644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	No	No Known Exploit
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NORMALIZEURL-1296539	No	No Known Exploit
584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1314893	No	No Known Exploit
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1585202	No	Proof of Concept
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	No	Proof of Concept
484/1000 Why? Has a fix available, CVSS 5.4	XML External Entity (XXE) Injection SNYK-JS-XMLDOM-1084960	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @pnp/cli-microsoft365

The new version differs by 39 commits.

a1375b3 Updates release notes
cc0cb62 Fixes the 'spo tenant appcatalog add' command. Closes #2300
df36819 Updates release notes
454b4a3 Patches the vulnerable xmldom dependency
2dc02e7 Fixes broken tests when default output configured to JSON. Closes #2305
e60d2cb Adds the 'M365 health status' sample script. Closes #2107.
51495c4 Updates release notes
de3e560 Adds the 'List all Microsoft Teams team's Owners and Members' sample. Closes #2284
2f5a2e7 Updates release notes
f3f4f7c Adds new sample for granting API permissions to SharePoint AAD App. Closes #2243
c8a74fe Restores showing original API errors. Closes #2138
c1cdbe4 Adds the 'aad policy list' command. Closes #2164
2a02c35 Updates release notes
ff0b5ae Adds support for configuring default output. Closes #2246
1760e4a Updates version to v3.8.0
0731a34 Updates release notes
3fcc7ce Extends spfx doctor with support for SPFx v1.12. Closes #2173
78619f9 Adds support for upgrading SPFx projects to v1.12. Closes #2154
bbd07ba Updates release notes
d469cde Add site external users report sample. Closes #2277
bb5c52d Adds the 'Delete all Microsoft 365 groups and SharePoint sites' sample. Closes #2278
713002b Updates release notes
03aeb2c Updates product name from 'Microsoft Flow' to 'Power Automate'. Closes #2259
0994167 Adds the `spo site apppermission get` command. Closes #2207

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

estruyf / doctor

[Snyk] Security upgrade @pnp/cli-microsoft365 from 3.7.0-beta.b01397d to 3.8.0 #115

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade: